1. A method for providing updated digital signature key pairs in a public key system comprising the steps of:

providing, through a multi-client manager unit, selectable expiry data including at least public key expiry data and selectable private key expiry data that is selectable on a per client basis;

storing selected public key expiry data and selected private key expiry data for association with a new digital signature key pair; and

associating the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.



2. The method of claim 1 wherein the selectable expiry data is digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client.

3. The method of claim 1 further including the step of providing variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair on a per client basis.

4. The method of claim 1 further comprising the steps of:

determining whether a digital signature key pair update request has been received from a client unit;

receiving a new digital signature key pair from the client unit in response to the digital signature key pair update request; and

wherein the step of associating the stored selected expiry data includes creating a new digital signature certificate containing the selected public key expiry data selected for the client generating the digital signature key pair update request.

5. The method of claim 1 further comprising the steps of:

determining a digital signature private key lifetime end date and a digital signature certificate creation date upon a user login to the public key system;

initiating, by a client unit, a digital signature key pair update request based on whether a difference between a current date and the digital signature private key lifetime end date (tl) is less than an absolute predetermined period of time (days) and based on whether the difference between the current date and the digital signature private key lifetime end date (tl) is less than a predetermined percentage of a total duration of a digital signature private key lifetime.



6. The method of claim 1 wherein the step of providing selectable expiry data on a per client basis includes providing a user interface to facilitate setting of the selectable expiry data to a desired state.

7. The method of claim 1 including generating, by the multi-client manager unit, the new digital signature key pair for a client in response to the multi-client manager unit receiving a digital signature key pair update request.

8. The method of claim 1 including storing a certificate expiration message in a client directory entry upon determination by the multi-client manager unit of a digital signature key expiry condition to facilitate a digital signature key pair update request by a client.

9. A method for providing updated encryption key pairs in a public key system comprising the steps of:

providing, through a client manager unit, selectable expiry data including public key expiry data and selectable private key expiry data that is selectable on a per client basis;

storing selected public key expiry data for association with a new encryption key pair; and

associating the stored selected expiry data with the new encryption key pair to facilitate a transition from an old encryption key pair to a new encryption key pair.

10. The method of claim 9 wherein the step of providing selectable expiry data includes additionally providing updated digital signature key pairs, the step of storing includes storing a new digital signature key pair and the step of associating also includes associating the stored selected expiry data to facilitate a transition from an old digital signature key pair to a new digital signature key pair.



11. The method of claim 10 wherein the selectable expiry data is digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client and is encryption certificate lifetime data for variably setting a lifetime end date for an encryption certificate associated with the given client.

12. The method of claim 11 further including the step of providing variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair and the encryption key pair.




13. The method of claim 1 wherein the digital signature certificate includes
selectable private key lifetime enddaf 

14. A system for providing updated digital signature key pairs in a public key system comprising:

multi-client manager means providing selectable expiry data including at least public key expiry data and selectable private key expiry data that is selectable on a per client basis;

means, accessible by the multi-client manager means, for storing selected public key expiry data and selected private expiry data for association with a new digital signature key pair; and

means, responsive to the stored selected public key expiry data, for associating the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.



15. The system of claim 14 wherein the selectable expiry data is digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client.

16. The system of claim 14 further including means for providing variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair on a per client basis.



17. The system of claim 16 wherein the multi-client manager means includes the means for associating the stored selected expiry data with the new digital signature key pair and wherein the means for providing variable update privilege control.

18. The system of claim 14 further comprising:

means for determining whether a digital signature key pair update request has been received from a client unit;

means for receiving a new digital signature key pair from the client unit in response to the digital signature key pair update request; and

wherein the means for associating the stored selected expiry data creates a new digital signature certificate containing the selected public key expiry data selected for the client generating the digital signature key pair update request.



19. The system of claim 14 further comprising:

means for determining a digital signature private key lifetime end date and a digital signature certificate creation date upon a user login to the public key system;

client means for initiating a digital signature key pair update request based on whether a difference between a current date and the digital signature private key lifetime end date (tl) is less than an absolute predetermined period of time (days) and based on whether the difference between the current date and the digital signature private key lifetime end date (tl) is less than a predetermined percentage of a total duration of a digital signature private key lifetime.

20. The system of claim 14 wherein the means for providing selectable expiry data on a per client basis provides a user interface to facilitate setting of the selectable expiry data to a desired state.



21. A storage medium comprising:

a stored program for execution by a processor wherein the program facilitates providing updated digital signature key pairs in a public key system by

allowing entry of selectable expiry data including at least public key expiry data and selectable private key expiry data that is selectable on a per client basis;

storing selected public key expiry data and selected private key expiry data for association with a new digital signature key pair; and

associating the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.



22. The storage medium of claim 21 wherein the stored program allows selection of digital signature certificate lifetime data for variably setting a lifetime end date for a digital signature certificate associated with a given client.



23. The storage medium of claim 21 wherein the stored program further includes the facilitating variable update privilege control on a per client basis to facilitate denial of updating the digital signature key pair on a per client basis.

24. The storage medium of claim 21 wherein the stored program further facilitates

determining whether a digital signature key pair update request has been received from a client unit;

receiving a new digital signature key pair from the client unit in response to the digital signature key pair update request; and

creating a new digital signature certificate containing the selected public key expiry data selected for the client generating the digital signature key pair update request.




25. The storage medium of claim 21 wherein the stored program further facilitates the steps of:

determining a digital signature private key lifetime end date and a digital signature certificate creation date upon a user login to the public key system;

initiating, by a client unit, a digital signature key pair update request based on whether a difference between a current date and the digital signature private key lifetime end date (tl) is less than an absolute predetermined period of time (days) and based on whether the difference between the current date and the digital signature private key lifetime end date (tl) is less than a predetermined percentage of a total duration of a digital signature private key lifetime.

26. The storage medium of claim 19 wherein the stored program provides a user interface to facilitate setting of the selectable expiry data to a desired state.
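
The login-time update trigger of claims 5, 19 and 25, combined with the per-client expiry data of claim 1 and the update denial of claim 3, sketched in Python as an added example that is not part of the claims. Field names and threshold values are hypothetical; the sketch assumes the private key lifetime starts at the certificate creation date and that both threshold tests must hold.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class ClientPolicy:
    """Per-client expiry data held by the manager unit (hypothetical field names)."""
    cert_lifetime_days: int         # public key expiry: verification certificate lifetime
    private_key_lifetime_days: int  # private key expiry: signing key lifetime
    update_allowed: bool = True     # per-client update privilege control
    abs_days: int = 100             # absolute period in days (constructed value)
    fraction: float = 0.5           # percentage of total lifetime (constructed value)


@dataclass(frozen=True)
class SigningKeyRecord:
    cert_created: date     # digital signature certificate creation date
    private_key_end: date  # digital signature private key lifetime end date
    cert_end: date         # public key expiry date carried in the certificate


def issue(policy: ClientPolicy, today: date) -> SigningKeyRecord:
    """Associate the stored per-client expiry data with a new signing key pair."""
    return SigningKeyRecord(
        cert_created=today,
        private_key_end=today + timedelta(days=policy.private_key_lifetime_days),
        cert_end=today + timedelta(days=policy.cert_lifetime_days),
    )


def needs_update(rec: SigningKeyRecord, policy: ClientPolicy, today: date) -> bool:
    """Client-side check at login: is the signing private key close to its end date?"""
    remaining = (rec.private_key_end - today).days
    # Assumption: the private key lifetime runs from certificate creation.
    total = (rec.private_key_end - rec.cert_created).days
    near_absolute = remaining < policy.abs_days
    near_relative = remaining < policy.fraction * total
    # Assumption: both tests must hold, so short-lived keys are not renewed at once.
    return near_absolute and near_relative


def handle_update_request(policy: ClientPolicy, today: date) -> Optional[SigningKeyRecord]:
    """Manager side: deny the update when the client lacks the update privilege."""
    if not policy.update_allowed:
        return None
    return issue(policy, today)
```

With a private key lifetime shorter than the certificate lifetime, signing stops before verification does, so signatures made near the end of the old key remain verifiable while the new pair is phased in.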






